[unisog] Password policies
docbook.xml at gmail.com
Wed Apr 19 17:42:46 GMT 2006
> Requiring frequent changes only pushes people to writing the passwords
> on sticky notes stuck to their monitors. Is there any data to support
> the idea that changing every 3 months is better than changing every
> 3 decades?
Of course. It depends on how long it takes to crack / guess a
password. If a hybrid brute-force attack takes 3 months to crack a
password, then having a password lifetime of 3 decades would be pretty
The password expiration should be set to a time period that is LESS
than the amount of time required to brute-force a password.
Saqib Ali, CISSP, ISSAP
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15